What are the components of a Financial Audit Program?

There are various core components of a financial audit program. First, an understanding of a financial audit:

• A financial audit is a regular exercise carried out by qualified professionals from within or outside, to check the financial health of an organization
• It involves having to verify, examine and analyze the various data pertaining to the organization’s finance, such as financial records and financial statements
• This exercise is carried out to assess the company’s financial status, its profit and loss, growth prospects, investments needed to achieve those prospects, and most importantly, compliance with prescribed regulatory requirements

Components of a financial audit program

Components of a financial audit program can be described in a number of ways. While on the one hand, components of a financial audit program could include the exact processes and steps that financial experts take to carry out the financial audit; on the other, components of a financial audit program can include those steps and processes that companies have to implement in order to ensure the smooth conduct of a financial audit.

So, components of a financial audit program could include at least two different, but related areas. In the first of these, the financial expert(s) look into many records, primarily these:

• The profit and loss statements;
• Balance sheet.

One of the core components of a financial audit program is the profit and loss statement, which reflects how the company is placed financially. A good financial expert can discern the exact health of the company by analyzing the profit and loss statement.

A balance sheet constitutes another of the components of a financial audit program, as it is in this that the financial activities of the company for a fixed period of time -usually a financial year -are measured and assessed.

Other components of a financial audit program

Among other components of a financial audit program; it is important for companies to know how to conduct itself during an audit. This is all the more important during external audits. The company has to comply with regulatory requirements to ensure that it supplies all the records and data that the independent auditor may ask. Failing to provide them, or proof of fudging of accounts is a serious offence and can attract major penalties. So, it is crucial for companies to keep note of the components of a financial audit program, so that it stays compliant and maintains a name in the industry.

 

click to continue reading

What is logistics and supply chain management?

Logistics and supply chain management (SCM) constitute a very important element of businesses. Getting the logistics and supply chain management aspects right is necessary for the smooth flow of products from their source to destination, during the course of which many activities need to be performed.

Logistics and supply chain management is emerging as a major area of business because of the evolution and growth of globalization. Many products and goods are produced in one country and consumed in another situated thousands of miles away. The right logistics and supply chain management helps to deliver the goods and products to the right person, at the right time, at the right place and in the right condition. Lack of proper logistics and supply chain management is a recipe for disaster.

What is logistics and supply chain management?Among the lay people, there is a tendency to use the two words synonymously and interchangeably. In trade, however, there are major differences between the two. Logistics is just a part of the supply chain. In simple, general and broad terms, one can understand the difference between logistics and supply chain in the following ways:

Logistics is a part of supply chain, meaning that it is a set of activities that are carried out within an organization. Supply chain, on the other hand, is the full set of activities that are carried out from start to finish, i.e., from the time it departs the organization that it is leaving till the time it reaches its logical destination. In this process, supply chain management involves the coordination and collaboration of many entities. In this sense, supply chain is a whole set of activities, of which logistics is only a part.

Another way of understanding logistics and supply chain management 

Another way of understanding logistics and supply chain management is this:

Logistics can be understood as being a discipline in which the following activities are involved:

On the other hand, supply chain management can be said to include more extended activities, which include:

Logistics and its extended activitiesLogistics often is described in terms of inbound and outbound logistics. Simply put, inbound logistics is the movement of raw materials and goods that are bought by and transported into a company. When these are processed and finished and shipped to customers; they become part of outbound logistics.

Logistics and supply chain management in a broader contextWhen one tries to get an understanding of logistics and supply chain management at a higher or broader level in the way logistics has been described above; supply chain management can be understood as consisting of these elements:

A sound supply chain system seeks to create value for the organization by building and utilizing logistics infrastructure. Logistics and supply chain management become meaningful when the organization synergizes demand with supply, stock and supply and inventory management

 

click to continue reading

The FDA’s Adverse Event Reporting Requirements

The adverse event reporting system is an important highlight of the FDA’s adverse event reporting requirements. This is the mechanism through which adverse event reporting requirements are listed out for the FDA to take further action.

The adverse event reporting system may be understood as being a database that aids and supplements the FDA’s postmarketing surveillance program for all its approved products that fall in the category of therapeutic biologics and drugs. So, this database has a record of the adverse event reporting done by all individual and sponsors of their clinical trials. It is a catalog of all the error reports that get generated at various times and stages of the clinical research program.

Voluntary in nature

The outstanding aspect of the FDA’s adverse event reporting requirements is that these reporting requirements are not mandatory. Yet, those involved in clinical research, such as sponsors, healthcare and pharmaceutical organizations, institutions and individuals strictly adhere to adverse event reporting requirements in order to steer clear of legal entanglements that could come their way in the future, and to help other players keep track of all adverse events.

Some of the core adverse event reporting requirements

Applicants should electronically submit all Individual Case Safety Reports (ICSRs) for human drug and nonvaccine biologic products in xml format. Among the adverse event reporting requirements, this has been in place from 2000.

The FDA has been amending rules relating to adverse event reporting requirements from time to time. According to the amendment passed in June 2015; the following adverse event reporting requirements apply:

All applicants should submit all ICSRs, ICSR attachments, and periodic safety reports electronically. They can do this using either of these options:

• Database-to-database transmission (“E2B”)
• The Safety Reporting Portal (SRP) by manually entering the data via our SRP portal.

The E2B method specifies that the files should be in xml format, and the attachments in pdf.

The Safety Reporting Portal (SRP) is meant for those applicants that do not have the database-to-database capability. To fulfill this among the FDA’s adverse event reporting requirements, the applicant needs to have an account with which to access the portal site. FDA’s adverse event reporting requirements state modes and criteria that applicants have to meet to request an SRP account, to activate the account, to add attachments, and for submitting Periodic Safety Reports (PSR).

click to continue reading

Risk Management and Compliance in the Healthcare Industry

Risk management and compliance in the healthcare industry requires a high degree of foresight, observation and knowledge of the regulatory rules and principles. Apart from being aware of the regulations, risk management and compliance in the healthcare industry is a lot about being smart, inventive and observative about the day-to-day aspects of the workings of the industry, as this highly operationalized activity is changing at a rapid pace.

Risk managers in charge of risk management and compliance in the healthcare industry need to equip the Board of Directors of the healthcare settings in which they work with much more than just the regulations that need to be put in place. They also need to impart insights into how this is to be done while keeping the costs low and at the same time, improving business.

These are the most important factors that make risk management and compliance in the healthcare industry extremely important:

Regulatory pressure is too much to bear

 

In the current scenario of highly reinvigorated regulatory oversight in the healthcare industry, there is heavy pressure on risk managers to implement risk management and compliance in the healthcare industry in an optimal manner. The fervor of regulatory requirements and level of supervision from the regulatory bodies have gone up so drastically of late that in a recent survey, PriceWaterhouseCooper found out that half the people on the corporate board governance in hospitals said that they regard risk management as their greatest priority for the next few years.

This trend is triggered by a host of factors, all of which could contribute to making risk management and compliance in the healthcare industry all the more critical in the years ahead. Some of the factors that have accelerated this sense of urgency and criticality are:

Burgeoning cost of healthcare: 

As the US healthcare industry grows into a multi-trillion dollar industry; there is a need for ensuring risk management and compliance in the healthcare industry.

Rapid increase in many diseases: Many diseases in the US are mostly a result of undisciplined and profligate lifestyles. This has placed a heavy burden on the healthcare sector to both implement preventive measures and improve standards in healthcare administration.

Technological improvements: History has shown that every improvement in technology has brought about more and more illnesses and disease, as technology makes people more sedentary. This has increased the pressure of risk management and compliance in the healthcare industry, as they are under higher pressure to implement strategies aimed at containing these.

Need to reinvent to stay ahead of the curve

 

All these factors are pushing corporate boards in healthcare to take a relook at the way risk management and compliance in the healthcare industry has been functioning. They have realized the need to implement these with a fresher and more urgent, yet intuitive approach. They need not just the judiciousness needed for grasping the present state of affairs in the industry; they need to also have sufficient foresight in anticipating the kind of change the industry is likely to undergo in the next few years.

The proper understanding and implementation of risk management and compliance in the healthcare industry sits at the core of this need for hospitals to stay abreast and ahead of the competition. Relying on traditional models of risk management and compliance in the healthcare industry is likely to take them only that far. The risk managers need to have the ability to develop enterprise-wide risk management strategies that withstand the onslaught of rapid changes and absorb them into the system.

 

click to continue reading

 

 

Internal Audit Checklist for HIPAA

The internal audit checklist for HIPAA is one of the primary elements of HIPAA implementation. The passage of the Health Insurance Portability and Accountability Act (HIPAA) by the U.S. Congress in 1996 was aimed at regulating the way and process by which healthcare institutions across the country reveal the medical information of their patients.

The Department of Health and Human Services (HHS) is tasked with monitoring the compliance aspect of the law, i.e., it monitors how medical organizations comply with the provisions of HIPAA. In order to ensure that medical organization stay compliant with the provisions of HIPAA; auditors measure these compliance aspects with a checklist when testing companies’ medical data recording processes.

The internal audit checklist for HIPAA, like any other checklist, is a list of do’s and don’ts that a healthcare organization has to look to see if it is complying with its processes relating to medical data sharing and recording. These are the core areas against which auditors prepare and monitor the internal audit checklist for HIPAA:

Analysis and assessment of risk

One of the foremost aspects of the internal audit checklist for HIPAA is the organization’s analysis and assessment of the risk involved in disclosing medical information. Medical organizations of the designated types have to carry these out at regular, periodic intervals in ensuring that they don’t give opportunities for causing data breaches. Since healthcare organizations are involved in collecting, keeping and transferring of medical information; it is necessary for them to keep analyzing and assessing the risk involved in data breaches.

Gap analysis

In this category of internal audit checklist for HIPAA; auditors compare regulatory guidelines to security systems in the corporate sector. The idea is to help the medical organization outline its security requirements vis-a-vis its security infrastructure

Remediation

In this internal audit checklist for HIPAA; the healthcare organization relies on a number of technologies and steps to prevent any breach of data, and to also offset the damage done when a breach happens. The primary tools used in this internal audit checklist for HIPAA include software used for tracking defects, for process reengineering, CRM and a few ERP applications.

Planning for contingencies

An internal audit checklist for HIPAA also includes a set of plans that the healthcare organization has to have to be able to plan for contingencies. A healthcare organization can expect emergencies or disasters from any source, and these can be of any kind. An internal audit checklist for HIPAA should include plans for anticipating and dealing with these.

Personnel policies

The policy a healthcare organization puts in place for its personnel is an important point in the internal audit checklist for HIPAA. It has to decide what kinds of trainings its staff members receive for implementing HIPAA compliance.

 

 

 

click to continue reading

What are the potential areas of risk management?

 

The most critical aspect of risk management is the identification of potential areas of risk management. This helps the organization to stay focused on the areas in which it could possibly face risks, rather than taking an aimless view and shooting about in the dark.

In a very broad sense, the potential areas of risk management include all areas of a business, because simply no area of the business is exempt from a risk. Talk about finance, and it comes with a risk. What about manufacturing? And what about operations or marketing? How about human resources? In this very expansive sense, every area or activity of the business is among the potential areas of risk management.

Potential areas of risk management could lie simply anywhere

On top of these potential areas of risk management that each part of the business is prone to; there are also the other industry-related risks that inhere into any business. The risks of running, say, a firecracker business, are much higher than running a grocery store. So, potential areas of risk management should ideally include a very broad discussion on every aspect of risk management.

However, when one takes an overview of the potential areas of risk management instead of trying to break down the elements of each function in which there are potential areas of risk management; one can classify these among them:

Generic risks: As we have been discussing, any business, absolutely any business, comes with some degree of risk. And, each business comes with its own generic risk, such as falling short of funding at crunch times, core people leaving the organization at important times, logistics failures at critical times, and so on.

Product specific risks: As the title suggests, this kind of risk is specific to the product that the business deals with. Some products come with their unique risks, and hence, this kind of risk counts among the potential areas of risk management.

People-specific risks: These can happen in a business in which much depends on a few important people. The inefficiency or departure of such people could be among the potential areas of risk management for businesses or projects that are dependent on people.

Financial risks: Obviously among the top potential areas of risk management; financial risks come into play when the organization is not able to meet its bottom lines due to a variety of factors. Not getting funds on time, not getting payments from customers on time, not being able to service debts are some of the factors of financial risks.

Technology risks: Technology is a high area of risk, because it keeps changing at a breakneck speed. If organizations don’t keep up with the pace, technology risks could count among potential areas of risk management.

Market risks: Market risks are yet another of the potential areas of risk management because most businesses are run on the assumption or speculation that a market is going to grow at a certain rate or pace. If the estimate of this market goes wrong, it affects the business negatively.

Customer risks: The ultimate decider of the business is the customer. If a customer gets irate at a bad product or service and issues bad press, it could become one of the biggest of the potential areas of risk management.

Real estate risks: For some businesses, especially retail, the location of the business is a major factor. In many instances, the choice of location could often decide the fate of the business. Imagine setting up a high end retail store in the vicinity of a slum. Does that make sense? Yet, even if a business chooses the right location, it could sometimes be forced to relocate due to factors such as legal issues of the property, making this among the potential areas of risk management.

Finally, what needs to be said is that the list above is by no means a comprehensive one. The potential areas of risk management, as we have discussed at the beginning, are simply too many and too fluid and subjective. They could vary from market to market, product to product and business to business. A business that is perceptive about the market has to make the right assessment of the potential areas of risk management before it starts one. It should also be ready to face the potential areas of risk management if it is up against any factor that lies beyond its reach or forecast.

 

click to continue reading

Biotech and Pharmaceutical Courses are a gateway to a challenging and flourishing career

With over four million employed directly or in allied sectors and catering to the world’s largest market and research area, biotech and pharma is a fast growing industry. Its courses are designed to prepare individuals for this giant industry.

Biotech and pharmaceutical courses are much sought after by aspiring professionals in the field of biotech and pharma. This is why:

• The US is the world’s largest market for pharmaceuticals, as well as being the world leader in biopharmaceutical research
• Research by Pharmaceutical Research and Manufacturers Association (PhRMA) has revealed that the majority of the world’s research and development (R & D) in pharmaceuticals is conducted by U.S. firms
• These firms hold the intellectual property (IP) rights on most new medicines.

Huge in every sense

Around 5,000 new medicines with approximately 3,400 compounds are currently being studied in the United States, the longest pipeline in any region in the world. The pharmaceutical industry employs nearly a million people and supports more than three times that number in related and supplementary industries. All these place a high demand on biotech and pharmaceutical courses.

What should those aspiring for courses look for?

Certification is the primary criterion to look out in those seeking a biotech and pharmaceutical courses. Whether it is classroom or online courses that are opted for; certification by a certifying authority should be the determining admission to biotech and pharmaceutical courses.

CFPIE or the Center for Professional Innovation and Education Inc., BioPharma Institute and Center for Professional Advancement (CFPA) are some of the better known providers of certified biotech and pharmaceutical courses. This is a partial list of the areas on which courses are offered by these institutes/centers:

The following tripod of software-related issues forms the IEC 62304:2006’s foundation:

These three attributes form the backbone of the test of a medical device company’s successful compliance with the regulatory requirements. For a medical device company to be successful in applying ISO 14971:2012 and IEC 62304:2006; it has to implement a cross-standard and resourceful way of integrating activities covering these requirements documents.

 

click to continue reading

Understanding the importance and benefits of auditing Quality Management Systems

Auditing Quality Management Systems is a core requirement for ensuring that Quality Management Systems – defined as “…a set of policies, processes and procedures required for planning and execution” in the core business area of an organization, meaning those that impact the ability of the organization to meet customer requirements – are updated and kept in compliance with regulatory requirements. The ISO 9001 set of standards is a step towards helping organizations achieve this end.

The ISO 9001 series, aimed at facilitating and ensuring that organizations of various kinds audit their Quality Management Systems in tune with regulatory requirements set out in this standard; was first implemented in the 1980’s. Today, across the globe, over a million organizations have been certified for complying with its requirements. The ISO 9001 is a tool for auditing Quality Management Systems across all kinds of organizations: big, small or medium to one stop providers to multinational organizations that operate in various geographies.

Why is auditing of Quality Management important?

ISO standards have been arrived at after years of practice, observation and trial and error endeavors. These standards have evolved over continuous implementation of many best practices that are suited to particular organizations based on the size of their operations and the nature of their business.

An organization that has been in the practice of auditing Quality Management Systems is said to be implementing a better way of dealing with risk management. It is also considered an organization that enjoys enhanced stakeholder and customer confidence, as well as an improved, efficient and effective management and operational systems.

More than anything else, auditing Quality Management Systems are the surest means to ensuring that products and services from an organization meet certain prescribed processes and standards. An auditing Quality Management System officially certifies that the organization task a risk-based, process oriented, streamlined approach to ensure the safety, reliability and consistency of its products and services. A company that puts auditing Quality Management Systems in place is said to be more conscious of meeting customer expectations and makes continuous efforts and improvements into its products and services and complies with the law.

Certification is proof that the organization is auditing its Quality Management Systems

Certification is like the proof of the pudding in Quality Management Systems audits. A company may claim to be implementing quality standards, but how does the world come to know about it? It is only through auditing Quality Management Systems certification that this happens. For a company to earn auditing Quality Management Systems certification; it has to be audited by the ISO. Upon careful scrutiny of its practices, the ISO awards the organization the 9001 Quality Management Certification.

What are the benefits of auditing Quality Management Systems certification?Certification from the world’s leading Quality Management Systems auditing certifying body gives such an audited and certified company a host of credentials and benefits. These are some of them:

click to continue reading

Good Manufacturing Practices are essential for ensuring quality

Good Manufacturing Practices (GMPs) constitute one of the core components that go into the manufacture and distribution of foods, drugs and other pharmaceutical products. Good Manufacturing Practices are prescribed by regulatory agencies from around the world, the FDA and the EMA being among them.

The guidelines set out by these regulatory agencies are aimed at bringing about standardization in the process of manufacture of these products and to ensure their quality. The utmost diligence of organizations that manufacture these products is called for.

The FDA attaches the highest importance to quality, since drugs and pharmaceuticals are consumed by millions of Americans for a variety of diseases and conditions. Keeping this in mind, the FDA has formulated guidelines with which manufacturing maintains set quality standards across a range of products ranging from foods to pharmaceuticals. The whole set of guidelines for manufacturing products in a variety of industries and activities is clubbed under the collective term, “Good Manufacturing Practices (GMP)”. The FDA attaches the highest importance to quality, since drugs and pharmaceuticals are consumed by millions of Americans for a variety of diseases and conditions. Keeping this in mind, the FDA has formulated guidelines with which manufacturing maintains set quality standards across a range of products ranging from foods to pharmaceuticals. The whole set of guidelines for manufacturing products in a variety of industries and activities is clubbed under the collective term, “Good Manufacturing Practices (GMP)”.

Since these best practices keep changing from time to time and the latest developments overshadow the existent ones; the FDA expects manufacturers to keep abreast of the latest regulations it passes, called cGMP, meaning “current” Good Manufacturing Practice.

No single set of standardsGMPs and cGMPs are not a single, rigid and monolithic set of standards or rules that everyone is expected to implement in their manufacturing systems. The regulatory agencies prescribe a broad set of general principles, from which a manufacturer from particular industries have to implement at a minimum level of quality requirements, the ones appropriate to it. Further, these guidelines offer options on the ways by which those regulations that are relevant to it can be accomplished. The organization needs to determine the one that suits it best for implementing that system.

Purpose of Good Manufacturing PracticesWhy the regulatory agencies take this task upon themselves is because the consumer is not in a position to identify a spurious product or one that has not been through all these scientifically designated processes. The fundamental purpose for which the regulatory agencies require adherence to the CGMP regulations is that compliance to these guidelines is a means to assuring the following:

In order to achieve this, drug manufacturers have to take all the steps needed to control the manufacturing operations. This includes establishing strong Quality Management Systems, obtaining appropriate quality raw materials, establishing robust operating procedures, detecting and investigating product quality deviations, and maintaining reliable testing laboratories.

The FDA believes that putting all these steps and processes in place through this formal system of controls by a pharmaceutical company is a means to prevent mix-ups, contamination failures, deviations and errors. In addition to ensuring that drug products that go through these processes meet their quality standards; the cGMPs help to put in place systems with which proper design, monitoring, and control of manufacturing processes and facilities are assured.

Highlights of GMPs/cGMPsThe nature and role of current Good Manufacturing Practices can be summarized into the following:

The GMP regulatory requirements in the EU

The EMA, being the regulatory agency for the EU; oversees the implementation of cGMP guidelines. The EMA’s guidelines apply to all the Member States of the European Union. The purpose for which these guidelines are set out by the EU is more or less the same as that for which other agencies such as the FDA lay out these rules. The essential reason for which this is done is to ensure that the pharmaceutical or any other regulated products:

The EU’s directives on GMP are listed out in its important legal frameworks and guidelines. These include:

• Regulation No. 1252/2014 and Directive 2003/94/EC, which are for active substances and medicines for human use
• Directive 91/412/EEC, which relates to medicines for veterinary use
• Directive 2001/83/EC and Directive 2001/82/EC, which prescribe related provisions.

 

click to continue reading

Regulations in the US and EU Dealing with Combination Products

Registering and maintaining combination products in the US and the EU is a bit tricky, because these are disparate markets that are governed by different sets of regulations which are independent of each other. So, any business that wants to market combination products into the US or the EU must be completely aware of the nature and meaning of all the regulations. Such businesses need to understand the nuances of the regulatory expectations and do what it takes to meet these.

Professionals and organizations that work in these areas must familiarize themselves with the existing regulations and their latest updates. This is the foundation to ensuring that their products comply with regulatory requirements and meet quality standards, which ensures that the consumer consumes products that are of the set scientific standards.

The regulations in the two markets have evolved differently. The fact that the regulatory agencies in the two markets, namely the US FDA and the European Medicines Agency (EMA) work to ensure the quality of drugs and thus the wellbeing of their consumers is the commonality between the two.

While the US FDA is a centralized agency that regulates food and medicinal products across the vast US market; the EMA, synchronizes the regulations of the 28 countries that are members of the European Union. While the FDA was primarily created to be a consumer protection agency; the regulations from the EMA came about to harmonize the commercial and technological interests of the Member States.

The EU’s new update

In September 2016, the EU, through its two major legislative organs -the European Commission and the European Council, reached a compromise on a major area concerning combination products. Reached four years after a deal was made; the compromise relates to medical devices and invitro diagnostic (IVD) devices.

High risk combination devices, such as implants, will from now be assessed and authorized by the EMA. Brought in to replace the existing EU legislation on medical devices and in-vitro diagnostics; the new regulation seeks to make these products more consistent and uniform in terms of their assessment and approval process across the EU.

Thorough and sound learning of the US and EU regulations on combination products

This is the case of just one regulation in the EU concerning combination products. When the regulations and their updates from both the US and the EU are taken together, a regulatory professional or anyone in manufacturing is up against a mountain. It is to help gain clarity on this wide array of topics that GlobalCompliancePanel, a leading provider of professional trainings for the areas of regulatory compliance, will be organizing a two-day seminar.

This seminar, which is aimed at giving professionals who work in areas concerning regulation in the combination products area, will have Salma Michor, founder and CEO of Michor Consulting Schweiz GmbH, as the Director.

Please visit Regulations in the US and EU Dealing with Combination Products to register for this seminar. This seminar has been pre-approved by RAPS as eligible for up to 12 credits towards a participant’s RAC recertification upon full completion.

Clarity about combination products

Over two days of intense learning, Salma will offer a thorough understanding of the complexities involved in the regulations about combination products in the EU and the US. She will offer in-depth explanation of all the relevant regulations and guidelines. She will reinforce this learning by offering real life examples of how to register and maintain various types of combination products.

Salma will also help participants explore Interfaces, at which Change Management and LCM will be taken up for explanation. Other important aspects relating to the subject of combination products, namely compliant safety reporting for combination products and documentation requirements and interfacing, will be described in detail at this session.

Over the two days of intense learning, Salma will cover the following areas:

Documentation requirements and interfacing

• Documentation requirements for combination products EU
• Documentation requirements for combination products US
• Interfacing, development, quality, regulatory
• Managing third parties and document control.

This seminar is of high value to professionals whose work is related in one or another way to combination products, such as Regulatory Affairs, Medical Officers, and Clinical Trial Managers.

click to continue reading